stunnel-users May 2006

stunnel-users@stunnel.org

27 participants
34 discussions

Installing Stunnel on AIX5.3
by Shinoy 09 May '06

09 May '06

Hi, I want to install Stunnel on AIX 5.3 and configure it. I was trying to find some documentation and also know if it will work on AIX 5.3. Any help is greatly appreciated. --------------------------------- Yahoo! India Answers: Share what you know. Learn something new. Click here Send instant messages to your online friends - NOW

2 1

RE: [stunnel-users] Stunnel configuration
by Moehrke, John (GE Healthcare) 09 May '06

09 May '06

I would further like to ask: Is it true that the proper way to get to TLSv1 is to start with SSLv3? Is there a reference that someone can point me at? John _____ From: stunnel-users-bounces(a)mirt.net [mailto:stunnel-users-bounces@mirt.net] On Behalf Of Nadav, Erez Sent: Monday, May 08, 2006 11:55 AM To: stunnel-users(a)mirt.net Subject: [stunnel-users] Stunnel configuration Hi all, How can I configure my stunnel client application (windows) with the following parameter : TLSv1only = yes Nadav Erez R&D Verint Systems Ltd. Phone: +972-9-962-4753 Cell: +972-54-778-4753 Email: erez.nadav(a)verint.com <mailto:erez.nadav@erez.nadav@verint.com> Web: www.verint.com <http://www.verint.com/> ________________________________________________________________________ __________________ This electronic message contains information from Verint Systems, which may be privileged and confidential. The information is intended to be for the use of the individual(s)or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by replying to this email (1).

1 0

Trying to load stunnel sources
by Nadav, Erez 09 May '06

09 May '06

Hi all, I am a programmer and I want to compile the stunnel for windows application in order to try to fix some non working TLS issues. I having problem when accessing http://www.stunnel.org/download/source.html address. I have the following questions: 1. Where and How can I load all stunnel sources ? 2. How should I compile it on windows machine ? 3. How should I use the mentioned PGP key Thanks Erez __________________________________________________________________________________________ This electronic message contains information from Verint Systems, which may be privileged and confidential. The information is intended to be for the use of the individual(s)or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by replying to this email (1).

1 0

Stunnel configuration
by Nadav, Erez 08 May '06

08 May '06

Hi all, How can I configure my stunnel client application (windows) with the following parameter : TLSv1only = yes Nadav Erez R&D Verint Systems Ltd. Phone: +972-9-962-4753 Cell: +972-54-778-4753 Email: erez.nadav(a)verint.com <mailto:erez.nadav@erez.nadav@verint.com> Web: www.verint.com <http://www.verint.com/> __________________________________________________________________________________________ This electronic message contains information from Verint Systems, which may be privileged and confidential. The information is intended to be for the use of the individual(s)or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by replying to this email (1).

1 0

client certificate authentication
by Srilalitha Muralidhara(HCL Capital Market Services) 08 May '06

08 May '06

Hi, I am new to stunnel. My application listens on 6 socket ports. External applications either dump data on these socket ports or send requests on these socket ports to receive data. Thus, my application is a server and external applications are clients. We got to authenticate these external applications before accepting the requests/data. So I am planning to use client certificate authentication of stunnel. In this case, should the server have a certificate as well? Will the server be authenticated? Is it necessary for all the external applications to be using the same certificate? Thanks, Sri Disclaimer: *********** The contents of this E-mail (including the contents of the enclosure(s) or attachment(s) if any) are privileged and confidential material of HCL Capital Market Services and should not be disclosed to, used by or copied in any manner by anyone other than the intended addressee(s). In case you are not the desired addressee, you should delete this message and/or re-direct it to the sender. The views expressed in this E-mail message (including the enclosure(s) or attachment(s) if any) are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of HCL Capital Market Services. This e-mail message including attachment/(s), if any, is believed to be free of any virus. However, it is the responsibility of the recipient to ensure that it is virus free and HCL Capital Market Services is not responsible for any loss or damage arising in any way from its use.

1 0

Performance Problems.
by Don Werve 05 May '06

05 May '06

After a fair bit of poking, prodding, and googling, I have yet to find the solution to my problem. So, here goes: stunnel looks to be running slowly. Very slowly. We're starting to analyze it with gprof to see where it spends all of its time when we're trying to do content negotiation, and I've whipped up a quick-and-dirty Ruby script that grabs data from the server and then spits out the performace results; I'm sitting on my own T1, so our connectivity is pretty good. The results with this script are similar with 'delay=yes', 'session=600', and 'compression=zlib'. So, here's what happens when I nab data from our stunnel-ed server with said script (I can supply the script if anyone is interested): #File Size time thrpht time thrprt multiple ---------------------------------------------------------------------- index.html 7k http 0.1548 ( 46k/s) https 0.7449 ( 9k/s) * 4.8131 test1.jpg 1k http 0.0928 ( 12k/s) https 0.6379 ( 1k/s) * 6.8726 test2.jpg 10k http 0.1812 ( 59k/s) https 0.6743 ( 16k/s) * 3.7208 test3.jpg 19k http 0.2236 ( 85k/s) https 0.7677 ( 24k/s) * 3.4338 test4.jpg 53k http 0.5668 ( 94k/s) https 1.1543 ( 46k/s) * 2.0365 test5.jpg 97k http 0.7861 (123k/s) https 2.1974 ( 44k/s) * 2.7954 test6.jpg 214k http 1.4061 (152k/s) https 2.3735 ( 90k/s) * 1.6880 test7.jpg 140k http 0.9434 (149k/s) https 1.9331 ( 72k/s) * 2.0491 test8.jpg 470k http 2.8590 (164k/s) https 3.7696 (124k/s) * 1.3185 ('multiple' is the number of times 'slower' https is versus http). And, here's my stunnel config: *** cert = /etc/certs/combined.pem setuid = nobody setgid = nobody pid = /var/run/stunnel/stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 0 output = /var/log/stunnel [https] local = 64.40.110.16 accept = 443 connect = 64.40.110.16:80 TIMEOUTclose = 0 *** So, any ideas why stunnel is working so slowly? I mean, I know there's the overhead of the SSL negotiation, and I've heard some things about a stunnel session cache, but nothing about enabling/using it (unless 'session = something bigger than zero' does so?). Any suggestions to improve performance, especially for large batches of small transfers? Thanks-in-advance! -- Don Werve <donw(a)iradeon.net> Chief Systems Administrator / Systems Architect

1 0

Using stunnel to add https support to ONE virtual host
by Gonzalo Diethelm 05 May '06

05 May '06

Hello, I have Apache serving plain http pages for several domains running as virtual hosts on one machine (debian). I know SSL will not work with this setup, and I understand the reasons why (at least I think I do). Let's say the virtual hosts are www.server1.com www.server2.com www.server3.com I would like to use stunnel to add https capabilities to ONE of the virtual hosts (say, www.server3.com). In other words, I would like to configure stunnel in server mode with a certificate file, listening on www.server3.com:443, so that if I use a browser to visit https://www.server3.com/ then stunnel will accept the connection and forward all traffic to www.server3.com:80, letting Apache handle it; in particular, this would have to allow Apache to recognize which of the virtual hosts is being visited; I wouldn't like to have www.server1.com respond to my requests instead of www.server3.com. Is this possible? Any caveats, hints, recommendations? Thanks in advance, and best regards, -- Gonzalo Diethelm gonzalo.diethelm(a)aditiva.com

2 1

Using stunnel to add https support to ONE virtual host
by Gonzalo Diethelm 04 May '06

04 May '06

1 0

Re: stunnel 4.15 crashes with vnc server 4.1.1
by Harry Boeck 04 May '06

04 May '06

Hallo stunnel-users, @Michal Trojnara: Thanks for your help, Mike! The solution came overnight when i remembered my own message: > and the screen on the server side should remove the background image > and visual effects). Well: I disabled the desktop modifications in vnc and it runs. Something is incompatible in the stunnel GUI with the removal of global windows GUI behaviour (despite the fact, that i have not a single one of them in use - to the best of my knowledge), what has nothing to do with the dedication of stunnel. Maybe there's a simple GUI message not handled correctly? As this seems to be something common to all windows versions, could this possibly happen in windows xp, too? (I don't use one, so somone would have to investigate this.) It's another motivation to start compiling in cygnus. But unfortunally at this very moment i'm occupied with other tasks. May be some other guy has the fancy to look at this matter... Mit freundlichem Gruß Harry Boeck

1 0

stunnel install issues with mknod command
by Trishul Shah 04 May '06

04 May '06

Hi, I was wondering if you could help me, I am trying to install stunnel on a machine running solaris 10, but the catch is that I am trying to install it within a zone in solaris 10, unfortunately during the installation process after the source is compiled I see the following error: Making install in src test -z "/usr/local/lib" || /bin/bash ../auto/mkinstalldirs "/usr/local/lib" /bin/bash ../libtool --mode=install ../auto/install-sh -c 'libstunnel.la' '/usr/local/lib/libstunnel.la' ../auto/install-sh -c .libs/libstunnel.so /usr/local/lib/libstunnel.so chmod +x /usr/local/lib/libstunnel.so ../auto/install-sh -c .libs/libstunnel.lai /usr/local/lib/libstunnel.la ---------------------------------------------------------------------- Libraries have been installed in: /usr/local/lib If you ever happen to want to link against installed libraries in a given directory, LIBDIR, you must either use libtool, and specify the full pathname of the library, or use the `-LLIBDIR' flag during linking and do at least one of the following: - add LIBDIR to the `LD_LIBRARY_PATH' environment variable during execution - use the `-RLIBDIR' linker flag See any operating system documentation about shared libraries for more information, such as the ld(1) and ld.so(8) manual pages. ---------------------------------------------------------------------- test -z "/usr/local/sbin" || /bin/bash ../auto/mkinstalldirs "/usr/local/sbin" /bin/bash ../libtool --mode=install ../auto/install-sh -c 'stunnel' '/usr/local/sbin/stunnel' ../auto/install-sh -c stunnel /usr/local/sbin/stunnel test -z "/usr/local/sbin" || /bin/bash ../auto/mkinstalldirs "/usr/local/sbin" ../auto/install-sh -c 'stunnel3' '/usr/local/sbin/stunnel3' Making install in doc test -z "/usr/local/share/doc/stunnel" || /bin/bash ../auto/mkinstalldirs "/usr/local/share/doc/stunnel" ../auto/install-sh -c -m 644 'stunnel.html' '/usr/local/share/doc/stunnel/stunnel.html' ../auto/install-sh -c -m 644 'stunnel.pl.html' '/usr/local/share/doc/stunnel/stunnel.pl.html' ../auto/install-sh -c -m 644 'stunnel.fr.html' '/usr/local/share/doc/stunnel/stunnel.fr.html' test -z "/usr/local/man/man8" || /bin/bash ../auto/mkinstalldirs "/usr/local/man/man8" ../auto/install-sh -c -m 644 './stunnel.8' '/usr/local/man/man8/stunnel.8' ../auto/install-sh -c -m 644 './stunnel.pl.8' '/usr/local/man/man8/stunnel.pl.8' ../auto/install-sh -c -m 644 './stunnel.fr.8' '/usr/local/man/man8/stunnel.fr.8' Making install in tools test -z "/usr/local/etc/stunnel" || /bin/bash ../auto/mkinstalldirs "/usr/local/etc/stunnel" ../auto/install-sh -c -m 644 'stunnel.conf-sample' '/usr/local/etc/stunnel/stunnel.conf-sample' if test ! -r /usr/local/etc/stunnel/stunnel.pem; then \ if test -r "/dev/urandom"; then \ dd if="/dev/urandom" of=stunnel.rnd bs=256 count=1; \ RND="-rand stunnel.rnd"; \ else \ RND=""; \ fi; \ /usr/local/bin/openssl req -new -x509 -days 365 -nodes $RND \ -config ./stunnel.cnf \ -out stunnel.pem -keyout stunnel.pem; \ test -eq 0 || /usr/local/bin/openssl gendh $RND 512 >> stunnel.pem; \ /usr/local/bin/openssl x509 -subject -dates -fingerprint -noout -in stunnel.pem; \ ../auto/install-sh -c -m 600 stunnel.pem /usr/local/etc/stunnel/stunnel.pem; \ rm stunnel.pem; \ fi mkdir -p /usr/local/var/stunnel chmod a=rwx,+t /usr/local/var/stunnel if uname | grep SunOS; then \ mkdir -p /usr/local/var/stunnel/dev; \ chmod u=rwx,go=rx /usr/local/var/stunnel/dev; \ mknod /usr/local/var/stunnel/dev/zero c 13 12; \ chmod a=rw /usr/local/var/stunnel/dev/zero; \ fi SunOS mknod: Not owner *** Error code 2 make: Fatal error: Command failed for target `install-data-local' Current working directory /export/home/playtech/stunnel-4.14/tools *** Error code 1 The following command caused the error: make install-exec-am install-data-am make: Fatal error: Command failed for target `install-am' Current working directory /export/home/playtech/stunnel-4.14/tools *** Error code 1 The following command caused the error: failcom='exit 1'; \ for f in x $MAKEFLAGS; do \ case $f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo install-recursive | sed s/-recursive//`; \ list='src doc tools'; for subdir in $list; do \ echo "Making $target in $subdir"; \ if test "$subdir" = "."; then \ dot_seen=yes; \ local_target="$target-am"; \ else \ local_target="$target"; \ fi; \ (cd $subdir && make $local_target) \ || eval $failcom; \ done; \ if test "$dot_seen" = "no"; then \ make "$target-am" || exit 1; \ fi; test -z "$fail" make: Fatal error: Command failed for target `install-recursive' After much digging around I have discovered that the mknod command cannot be used within a solaris 10 zone, I have gotten round this previously by installing stunnel from the global zone but that intertwines the parent zone with the child zone and ideally we would like to keep these as independent of each other as possible as we use these zones for 3rs party applications and hence we have a lot of other user traffic on these zones. Thanks in advance for your help. Kind Regards, Trishul Shah Blue Square Tel: 020 7288 7920 Mob: 07789 982 688 Fax: 020 7288 7955

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users May 2006